turtini-dev serve — live dev environment for AI-coded sites
`turtini-dev serve` runs a local HTTP server that turns any AI-generated site (Lovable, Bolt, raw Vite output, hand-written HTML) into a live development environment connected to your real Turtini org. It serves files, proxies API calls, and live-reloads the browser when you save.
Why this exists:
You used Lovable/Bolt/Cursor to draft a landing page or app. The static output looks great, but it can't read your contacts, list your articles, or write to your CRM — there's no backend. `turtini-dev serve` plugs your AI-coded site into Turtini as the backend, with your API key kept server-side so it never ships to the browser.
What it does:
1. Serves static files from a directory (./dist by default; auto-detects ./build, ./public, ./out)
2. Proxies /__turtini/* to api.turtini.com and injects your Bearer token server-side
3. Injects an SSE-based live-reload snippet into every HTML response — file changes refresh the open tab
4. Optional SPA fallback (4xx → /index.html) for client-routed apps
Quickstart:
1. Generate a Turtini API key with the scopes your site needs (Settings → Developer → API Keys)
2. `turtini-dev login` (or set TURTINI_API_KEY in env)
3. From your project directory:
turtini-dev serve --dir ./dist
▲ Turtini Live Dev — http://localhost:3000 · My Org
dir: ./dist · api proxy: /__turtini → https://api.turtini.com
4. From your site's JavaScript, call the public API through the proxy:
fetch('/__turtini/v1/contacts').then(r => r.json())
The CLI injects your API key on the way out — your bundle never sees it.
Common flags:
• --dir <path> — directory to serve (default: auto-detect)
• --port <n> — port (default: 3000)
• --api-prefix <prefix> — proxy path prefix (default: /__turtini)
• --no-reload — disable live-reload injection
• --spa — fall back to /index.html on 404 (for client-routed React/Vue apps)
Live reload:
On every file change in --dir, the server fans out an SSE event to all connected browsers and the page reloads. Works with any AI tool that writes files to disk (Lovable's local export, Bolt's project download, Cursor's edits, hand-saved files in your editor).
Security:
• The API key is held in memory by the local CLI process and added as Authorization: Bearer on each proxied request
• It's never written to served HTML, JS, or env-files in the browser bundle
• /__turtini/* is the only path that proxies — direct paths to your own static files don't leak the key
• When you stop the CLI (Ctrl+C), the proxy closes — the deployed/static version of your site no longer has API access (which is what you want; production needs a real backend)
Pairing with GitHub export and pull-to-host:
• Code with Lovable/Bolt/Cursor against `turtini-dev serve`
• When ready, push to GitHub
• Connect the repo to Turtini's pull-to-host (roadmap, Phase 3) — Turtini hosts the static files at your domain and routes /__turtini/* to api.turtini.com on your behalf
• You graduated from "AI built me a site" to "Turtini hosts my AI-coded site, with my real org data behind it" — no backend coding required
Layer C of the developer-platform roadmap. Layer A is the SDK + Public API write surface; Layer B is @turtini/mcp for AI-IDE agents; Layer D (AI-shared org context) is on the roadmap.